《欧盟:计算机化系统的验证-核心文件(中英文).pdf》由会员分享,可在线阅读,更多相关《欧盟:计算机化系统的验证-核心文件(中英文).pdf(11页珍藏版)》请在三一文库上搜索。
1、OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT PA/PH/OMCL (08) 69 3R VALIDATION OF COMPUTERISED SYSTEMS 计算机化系统的验证计算机化系统的验证 CORE DOCUMENT 核心文件核心文件 Full document title and reference 文件全名和索引号 Validation of COmputerised Systems Core Document PA/PH/OMCL(08)69 3R Document type 文件类型 Guide
2、line Legislative basis 立法基础 - Date of first adoption 首次发行日期 May 2009 Date of original entry into force 首次执行日期 July 2009 Date of entry into force of revised document 修订后执行日期 - Previous titles/other references 原文件名/其它索引号 - Custodian Organisation 保管机构 The present document was elaborated by the OMCL Net
3、work/ EDQM of the Council of Europe Concerned Network 相关网络 GEON VALIDATION OF COMPUTERISED SYSTEMS 计算机化系统验证计算机化系统验证 CORE DOCUMENT 核心文件核心文件 SCOPE 范围范围 This guideline defines basic principles for the validation of computerised systems used within Official Medicines Control Laboratories (OMCLs) with im
4、pact on quality of results. The purpose of this validation is to guarantee the confidence in scientific results obtained with each computerised system. A validated system ensures accurate results and reduces the risk of failure of the system. 本指南给出了在 OMCL 化验室使用的计算机化系统验证的基本原则。本验证的 目的是保证由每个计算机化系统所得到的科
5、学结果的可信性。一个验证体系会保证 准确的结果,降低系统失败的风险。 This document covers in-house and commercial software for calculation, database computerised systems, Laboratory Information Management Systems (LIMS), Electronic Laboratory Notebooks (ELN) and computers as part of test equipment. 本文件包括了内控和商业计算软件,数据库计算机化系统,化验室信息管理系
6、 统(LIMS),化验室电子笔记本(ELN)和计算机作为检测仪器的一部分。 INTRODUCTION 介绍 This guideline outlines general validation principles for computerised systems of OMCLs in accordance with ISO/IEC 17025. It gives general requirements and it also lists the minimum elements required for the validation of different types of softw
7、are. Actually, due to the great variety of software, it is not possible to state in one single document all the specific validation elements that are applicable. 本指南给出了根据 ISO/IEC 17025 制订的OMCL计算机化系统通用验证原则的 纲要。它给出了通用要求,同时列出了对不同软件类型的验证所需的最低元素清单。 实际上,由于软件之间差异巨大,不可能在一个文件中给出所有实用的特定的验证 元素。 This guideline
8、is intended for use by OMCLs working under Quality Management Systems based on the ISO/IEC 17025 standard, which use computerised systems for a part or the totality of the processes related to the quality control of medicines, and it is not addressed to manufacturers working under GMP requirements.
9、本指南是提供采用计算机系统作为一部分或全部药品质量控制有关的过程的 OMCL,在基于 ISO/IEC 17025 标准的质量管理系统的工作使用,不是针对在 GMP 要求下工作的供应商。 In order to simplify the management of the guideline, the present document contains only a general introduction and general requirements for different types of computerised systems. The core document is supp
10、lemented with system-related annexes, containing additional requirements and/or practical examples of validation documentation, which are to be used in combination with the general recommendations given in the core document. 为了简化指南的管理,本文件仅包括通用介绍和不同计算机化系统类型的通用 要求。本核心文件增补有系统相关附件,包括额外要求和/或部分验证文件举例,这 些可
11、以与核心文件中给出的通用推荐结合使用。 The list of annexes, included in this document, will be updated as soon as new annexes are issued. 一旦新的附件签署,包括在本文件的附件清单将会被更新。 This document should be considered as a guide to OMCLs for planning, performing and documenting the validation of their computerised systems. It should no
12、t be taken as a list of compulsory requirements. It is left to the professional judgement and background experience of each OMCL to decide on the most relevant procedures to be undertaken in order to give evidence that their computerised systems are working properly and are appropriate for their int
13、ended use. 应将本文作为 OMCL 计划、实施和记录计算机化系统验证时的指南,而不是作 为一个强制的清单。应该由专家判断和每个 OMCL 背景经验来决定,为了给出证据 说明各实验室的计算机化系统正常工作并适合其用途,哪些最相关的程序是需要执 行的。 DEFINITIONS 定义定义 Computer system: Computer hardware components assembled to perform in conjunction with a set of software programmes, which are collectively designed to p
14、erform a specific function or group of functions. 计算机系统:组装起来的计算机硬件组件,与一系列软件程序相关联,组合设 计可以实施一个特定功能或一些功能。 Computerised system: a computer system plus the controlled function that it operates. Includes hardware, software, peripheral devices, personnel, and documentation; e.g., manuals and Standard Opera
15、ting Procedures (SOPs). 计算机化系统:一个计算机系统和其操作的控制功能。包括硬件、软件、外围 设备、人员和文件,例如手册和标准操作程序(SOPs)。 Commercial (off-the-shelf, configurable) software: Configurable programmes that can be configured to specific user applications by “filling in the blanks”, without altering the basic programme. 商业(集成、已设定参数)软件:可以由指
16、定用户通过“填写空白”设定参数的 程序,不改变基本程序 In-house developed software: system developed by the user (or by a contracted company), with the purpose of specifically meeting a defined set of user requirements. 自主开发的软件:由用户自己(或由合同公司)开发的系统,可以满足用户设 定的专用目的 Electronic laboratory notebook (ELN): software programme designed
17、 to replace paper laboratory notebooks. 化验室电子笔记本(ELN):设计用于代替纸质化验室笔记本的软件程序 Laboratory Information Management System (LIMS): Automated laboratory systems that collect and manage data. 化验室信息管理系统(LIMS):可以收集和管理数据的自动化实验室系统 1. HARDWARE 硬件硬件 The hardware used shall fulfil the technical requirements so that
18、the work to be completed can be carried out. Such requirements include e.g. minimum system requirements indicated by the manufacturer of the equipment. These requirements should be predefined in accordance with the intended use. 使用的硬件应满足技术规格要求,使得需要完成的工作可以实施。这些规格要 求包括,例如由仪器供应商指出的最低系统要求。这些要求应根据用途预先设定。
19、 The hardware components shall be installed by skilled personnel (e.g. staff from the Information Technology (IT) Unit, the technician from the manufacturer of the equipment, or other trained personnel), and shall be checked for their functionality and compared with the requirements. 硬件组件应由熟练的人员安装(例
20、如 IT 部门的员工,设备供应商的技术人员, 或其它经过培训的人员),应检查组件的功能并与规格要求相比较。 Computerised systems that are part of test equipment must be labelled unambiguously. 作为检测仪器的一部分的计算机化系统必须清楚地进行标识。 For computerised systems which are components of test equipment, records must be kept on hardware configuration, installation and cha
21、nges. These records can be entered in the logbook of the test equipment. 对于检测仪器的组件的计算机化系统,必须保存硬件参数、安装和变更的记录。 这些记录可以输入检测仪器的日志中。 2. GENERAL REQUIREMENTS FOR SOFTWARE 软件通用要求软件通用要求 Inventory 系统清单 An inventory or listing of all computerised systems should be available. 一个计算机化系统的清单应保存 The following minimu
22、m information should be included in the computerised systems inventory: 以下最少的信息应包括在计算机化软件的系统清单中 unique identification 唯一识别 Purpose 目的 validation status 验证状态 physical or storage (drive and files path) location of the software and related documentation 软件和相关文件的物理或贮存(驱动器和文件路径)位置 responsible or contact
23、person 负责人或联系人 In the case of local installation (workstation), each copy of the software needs its own unique identification. 如果在本地进行安装(工作站),每个软件的复制件均需要其唯一的识别号。 In the case of software related to scientific equipment (e.g. HPLC) its identification (such as license number or serial number, and versi
24、on number) should be independent from the equipment identification, whenever possible. 如果软件与科学仪器相关(例如 HPLC),只要是在可能的情况下,其识别号 (例如许可号或序列号,和版本号)应独立于仪器识别号。 Validation of the software 软件验证 Prior to routine use, the software should be validated. 在日常使用前,软件需要进行验证。 Validation consists in confirmation by exami
25、nation and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through software can be consistently fulfilled. 验证包含在相关的检查确认和客观证据内容中,包括软件规格是否符合用户需 求和所设定的使用目的,以及软件应用的特殊规格要求可以持续地得到满足。 Change control 变更控制变
26、更控制 In case of changes in the software, the validation status needs to be re-established. If a revalidation analysis is needed, it should be conducted not just for validation of the individual change, but also to determine the extent and impact of that change on the entire computerised system. 如果变更是
27、针对软件的,验证状态需要更新。如果需要一个再验证分析,则应 进行再验证分析,这个分析不仅是针对单个的变更的验证,同时应确认其验证深度 和变更对整个计算机化系统的影响。 In the same way, changes in the computer environment could have an impact on the software running. In this case, a revalidation could be required. 同样,对于计算机环境的变更可能会影响到软件运行。在此情况下,可能需要 进行再验证。 In both cases, the extent o
28、f the revalidation will depend on the nature of the change. The nature of the changes should be documented. 两种情况下,再验证的深度均取决于变更的性质。变更的性质应有记录。 Automatic updates should ideally be controlled by IT or a system administrator and installed at pre-defined dates to minimize both disruption and unexpected be
29、haviour of the system. Following installation of updates, verification should be carried out, the extent of which will depend on the extent of the update(s). Each update should be documented. 自动升级的理想情况是由 IT 来控制,或者由系统管理员控制,并在预订的日期 进行安装,以最大程度减小对系统的干扰和意外行为。在升级安装完成后,应进行 验证,验证的深度取决于升级的深度。每一次升级均应该记录。 Note
30、: this does not necessarily apply to service patches for commercial office software. 注:对于商业办公软件的服务补丁,可能不需要这些工作。 Verification of the software 软件确认 Commercial software should be checked at installation. 商业软件在安装时应进行检查。 Concerning in-house software, it should be verified not only at installation but als
31、o on a regular basis to avoid any error and guarantee good results. The regularity of the verification depends on software safety, usage frequency and the possible impact, if there is a failure. 对于自主开发的软件,应不仅对安装进行确认,还要进行常规确认,以避免任 何错误及保证良好结果。确认的常规性取决于软件的安全性,使用频次和可能的影 响,如果有失败的话。 In both cases, the OMC
32、L?s policy should be described in a procedure. OMCL 的政策应在某个程序中描述以上两种情况。 Protection of the software 软件保护 Software must be protected against any intrusion that could generate wrong scientific results. One way could be to secure software or computers/systems access by a password. It must also be protec
33、ted against any external interference that could change the data and affect the final results. 软件应受到保护,使其不会受到干扰而产生错误的科学结果。保护软件或计算 机/系统的一个方法是使用密码登录。同时还必须保护使其不受到任何外来干扰而改 变数据及影响最终结果。 Backup 备份备份 Traceability must be ensured from raw data to results. If all or part of the traceability of parameters rele
34、vant for the quality of the results is available only in electronic form, a backup process must be implemented to allow for recovery of the system following any failure which compromises its integrity. Back up frequency depends on data criticality, amount of stored data and frequency of data generat
35、ion. 必须保证从原始数据到结果的可追溯性。如果与结果质量相关参数的所有或部 分追溯性仅采用电子形式,则需要有备份程序以允许在任何失败后进行系统恢复, 以保证其完整性。备份频次取决于数据是否关键,存贮数据的数量和数据产生的频 次。 The OMCLs should have a policy and procedure in place for ensuring the integrity of backups (secure storage location, adequately separated from the primary storage location, etc) this
36、 may be part of a more general ?disaster recovery plan?. OMCL 应制订政策和程序以保证备份的完整性(保护贮存位置,与原始存贮位 置有充分分开等)-这可能是“灾难恢复计划”的一部分。 A procedure for regular testing of backup data (restore test), to verify the proper integrity and accuracy of data, should be also in place. 对于备份数据应有一个常规测试的程序(恢复测试),以确认数据完整性和准 确性。
37、 Archive of superseded software versions 软件前版本的存档 Superseded versions of software should be archived (if required for access to historical data) for at least 5 years1 in a retrievable and readable electronic format. 软件的前版本应进行保存(如果需要进入历史数据)至少 5 年,且应是可以恢 复和可读的电子格式。 Note: this requirement is not applic
38、able to commercial off-the-shelf office software (including service patches), software that is archived by a qualified subcontractor or when historical data (raw data and results) are documented in paper format 注:这个要求不适用于商业现成的应用办公软件(包括服务补丁),不适用于 由有资质的分包商进行存档的软件或当历史数据采用纸质方式存档的情况(原始数 据和结果)。 Identifica
39、tion of software version 软件版本的识别 The version and name of the software should be displayed to the user at an appropriate stage of the operation of the software (e.g. on the screen when opening the application) and it should be traceable in any reports generated by the software. 软件的名称和版本号应在进行软件操作过程适当的
40、进程中显示给用户(例如当 启动应用软件时显示在屏幕上),且在软件形成的任何报告中均应可追溯。 For laboratory software on computers as part of test equipment, software updates including the version number should be traceable in the equipments? log book. 对于作为检测仪器一部分的计算机上的化验室软件,软件升级,包括版本号均 应在仪器的日志上可追溯。 Review of computerised systems 计算机化系统回顾 Risk m
41、anagement activities and/or audits should be performed on a regular basis for computerised systems. 应对计算机化系统进行常规的风险管理活动和/或审计。 Training of software operators 软件操作人员的培训 Correct operation of the software should be ensured. This may be done either by appropriate and documented training or through detail
42、ed information in the relevant SOPs. 必须要保证软件的正确操作。这可以通过适当的,经过记录的培训来进行,或 通过在相关 SOP 中所载的详细信息。 3. VALIDATION OF CALCULATION SOFTWARE 计算软件的验证计算软件的验证 Commercial or in-house developed software may be used for calculation and data analysis. 商业或自主开发软件都可能会被用于计算和数据分析。 The requested documentation/information,
43、applicable to both commercial and for in-house developed software for calculations, is shown in Table I. 要求的文件/信息,适用于商业软件和自主开发计算软件,显示在表 1 中 a) Commercial software 商业软件 If several pieces of commercial software are available, the laboratory should select the one that better fits the intended purpose.
44、如果有几个商业性软件均可用,实验室应选择更适用于其用途的一个。 According to ISO/IEC 17025 standard2, commercial off-the-shelf software (e.g. word-processing, database and statistical programmes), in general use within their designed application range, may be considered to be sufficiently validated. However, laboratory software co
45、nfigurations/modifications should be validated. 根据 ISO/IEC 17025 标准, 商业现成的应用软件(例如文字处理软件,数据库 和统计程序),一般在其设计的应用范围使用,可以作为已经过充分验证。但是, 化验室软件参数赋值/修改需要进行验证。 A reduced validation procedure (of these configurations/modifications) is acceptable if the documentation supplied with the commercial off-the-shelf pr
46、oduct has been reviewed and considered as fulfilling the user requirements. 如果商业现成的应用产品提供的文件已经过审阅, 并被认为满足用户需求的话, 可以接受(对这些参数赋值/修订)只进行简化的验证程序。 b) In-house software 自建软件 If in-house software are used, they are under the supervision of the main user; they must be validated, checked and secured. For more
47、 details on validation, see Annex 1. 如果使用了自建软件,则应处于主使用者的监督之下,还必须进行验证、检查 和保护。关于验证的细节,参见附件 1. General requirements: 一般要求 Concerning spreadsheets (e.g. Excel?), for security reasons, all cells including calculations must be locked in such a way that formulas are not accidentally overwritten. Free acces
48、s should only be given to cells to be filled in with data. Formulas should also be protected from accidental input of inappropriate data type (e.g. text in a numeric field). 关于应用表格(例如 EXCEL),出于安全原因,所有包括计算的单元格 必须锁定,以免其中的计算公式被意外改写。仅需要输入数据的单元格才可以被输 入内容。另外还需要设定对不适当数据类型的意外输入(例如在数字区域输入文本) Each calculation
49、 algorithm should be tested with another validated software (the software version used for the calculations should be traceable in the records) or by a pocket calculator and documented or in comparison with published data. 每个计算运算应采用另一个验证过的软件进行测试(用于计算的该软件 版本应在记录中可追溯),或者采用手工计算器,并记录与出版的数据进行比较。 A known dataset should be used for the verification of the software, for which the expected final results are identified. 应使用一个已知的数据集来对软件进行确认,该软件中应给出期望的最 终结果。 Table I: Software